attempts at direct access to struts webapp should automatically redirect the request to an authorisation-server once fully authenticated the original-request is then sent to "struts-app"
JSR-286 portlet-api frameworks have handled role assignment and authorisation for better part of 10 years Here is a partial list of JSR-286 portlet-api frameworks you can use: https://en.wikipedia.org/wiki/List_of_enterprise_portal_vendors List of enterprise portal vendors - Wikipedia<https://en.wikipedia.org/wiki/List_of_enterprise_portal_vendors> This is a list of notable vendors of enterprise portals.An enterprise portal is a framework for integrating information, people and processes across organizational boundaries. en.wikipedia.org the HTTP Header LOCATION is where you want to redirect to on seeing 302 MOVED TEMP if (code == HttpURLConnection.HTTP_MOVED_TEMP) { System.out.println("doPost response code is 302 (HTTP_MOVED_TEMP) about to getHeaderField(\"Location\")"); token = urlc.getHeaderField("Location"); System.out.println("doPost token="+token); } those details should be handled by JSR-286 portlet server since this has nothing to do with using struts we can continue this offline as necessary hth Martin- ________________________________ From: Asad Habib <asadhha...@gmail.com> Sent: Sunday, March 10, 2019 3:25 AM To: Struts Users Mailing List Subject: Struts 1.3 and OAuth2 Has anyone successfully been able to integrate OAuth2 to authorize calls made to an API built using Struts 1.3? I haven't seen any examples of this online. Any help would be appreciated. Thanks.
